ConsiDroid: A Concolic-based Tool for Detecting SQL Injection Vulnerability in Android Apps

by Ehsan Edalat et al.

Android is a popular OS among users, and vulnerabilities in Android apps cause severe harm to the security and privacy of those users. Among the methods for detecting vulnerabilities, concolic execution is a dynamic method that achieves high code coverage, as opposed to random input generation testing. To the best of our knowledge, there is no tool that detects vulnerabilities in Android apps with concolic execution, and there is no concolic execution engine for Android. By extending applications with mocking code, without any change to their original source code, they can be treated as Java applications and executed concolicly by Symbolic PathFinder (SPF). Android apps are event-driven and inseparable from the Google SDK; our extension code, generated automatically by static analysis, artificially generates events and makes the app code independent of the SDK libraries. In addition, we use static analysis to adjust SPF so that it inspects only those paths suspicious of SQL injection. A path is suspicious if it contains a vulnerable function leading to leakage. We configure SPF so that all application inputs and the return values of vulnerable functions are tainted; to taint such values, we introduce the idea of symbolic mocks for input functions and vulnerable functions. An SQL injection vulnerability is detected when a vulnerable function receives a tainted value. Our extended SPF is equipped with taint analysis to detect SQL injection vulnerabilities. To illustrate the applicability of ConsiDroid, we inspected 140 randomly selected apps from the F-Droid repository. Among these apps, we found three vulnerable to SQL injection; to validate their vulnerability, we analyzed them manually based on the ConsiDroid report.
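The detection rule described in the abstract (inputs and the return values of vulnerable functions are tainted; a vulnerability is reported when a tainted value reaches a vulnerable SQL function) can be illustrated with a small taint model. The following Java program is an added example, not ConsiDroid's code and not part of the paper: the `Tainted` wrapper, the `mockUserInput` and `mockIntentExtra` sources, and the `rawQuery` sink are all assumed stand-ins for the symbolic mocks and the Android `SQLiteDatabase.rawQuery` sink, and the sample values are constructed. ConsiDroid tracks taint on symbolic values inside SPF rather than with a wrapper class; the wrapper only makes the propagation and the sink check explicit.

```java
import java.util.Objects;

/*
 * Added illustration (not ConsiDroid's code) of the abstract's taint rule.
 * Values coming from input sources and from "vulnerable" functions are
 * tainted; taint propagates through string building; a tainted value that
 * reaches the SQL sink is reported as an SQL injection vulnerability.
 */
public class TaintDemo {

    /** A string value carrying a taint flag and a short provenance label. */
    static final class Tainted {
        final String value;
        final boolean tainted;
        final String origin;

        Tainted(String value, boolean tainted, String origin) {
            this.value = Objects.requireNonNull(value);
            this.tainted = tainted;
            this.origin = origin;
        }

        /** A string literal written by the developer: never tainted. */
        static Tainted clean(String literal) {
            return new Tainted(literal, false, "literal");
        }

        /** Concatenation propagates taint from either operand. */
        Tainted concat(Tainted other) {
            boolean t = tainted || other.tainted;
            String o = tainted ? origin : (other.tainted ? other.origin : "literal");
            return new Tainted(value + other.value, t, o);
        }
    }

    /** Assumed symbolic mock of an application input (e.g. text typed by the user). */
    static Tainted mockUserInput(String constructedValue) {
        return new Tainted(constructedValue, true, "user input");
    }

    /** Assumed symbolic mock of a vulnerable function whose return value is tainted. */
    static Tainted mockIntentExtra(String constructedValue) {
        return new Tainted(constructedValue, true, "Intent extra");
    }

    /** Mock of the SQL sink (stands in for SQLiteDatabase.rawQuery). */
    static String rawQuery(Tainted sql, String[] selectionArgs) {
        if (sql.tainted) {
            return "VULNERABLE: tainted value (" + sql.origin + ") reached rawQuery";
        }
        int bound = selectionArgs == null ? 0 : selectionArgs.length;
        return "OK: query string is untainted, " + bound + " bound argument(s)";
    }

    /** Vulnerable pattern: the tainted value is concatenated into the query text. */
    static String vulnerableLookup(Tainted name) {
        Tainted sql = Tainted.clean("SELECT * FROM users WHERE name = '")
                .concat(name)
                .concat(Tainted.clean("'"));
        return rawQuery(sql, null);
    }

    /** Hardened pattern: the query text stays a literal; the value is bound as a parameter. */
    static String hardenedLookup(Tainted name) {
        Tainted sql = Tainted.clean("SELECT * FROM users WHERE name = ?");
        return rawQuery(sql, new String[] { name.value });
    }

    public static void main(String[] args) {
        Tainted fromUser = mockUserInput("alice");      // constructed sample input
        Tainted fromExtra = mockIntentExtra("bob");     // constructed sample input

        System.out.println(vulnerableLookup(fromUser));  // VULNERABLE: ... (user input) ...
        System.out.println(vulnerableLookup(fromExtra)); // VULNERABLE: ... (Intent extra) ...
        System.out.println(hardenedLookup(fromUser));    // OK: ... 1 bound argument(s)
    }
}
```

The hardened lookup passes the sink check because the query string itself never depends on a tainted value; only the bound argument does, and binding it through `selectionArgs` keeps it out of the SQL grammar. That is exactly the distinction a taint-based detector needs to make, and why the sink check looks at the query string rather than at every argument.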



Ghera: A Repository of Android App Vulnerability Benchmarks

Security of mobile apps affects the security of their users. This has fu...

Fine with "1234"? An Analysis of SMS One-Time Password Randomness in Android Apps

A fundamental premise of SMS One-Time Password (OTP) is that the used ps...

Fluently specifying taint-flow queries with fluentTQL

Previous work has shown that taint analyses are only useful if correctly...

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews

A Webview embeds a full-fledged browser in a mobile application and allo...

Demystifying RCE Vulnerabilities in LLM-Integrated Apps

In recent years, Large Language Models (LLMs) have demonstrated remarkab...

Simulating SQL Injection Vulnerability Exploitation Using Q-Learning Reinforcement Learning Agents

In this paper, we propose a first formalization of the process of exploi...

Dissecting Code Vulnerabilities: Insights from C++ and Java Vulnerability Analysis with ReVeal Model

This study presents an analysis conducted on a real-world dataset of Jav...
